69/68 Thursday, February 20, 2025
Security researchers from Fortinet have issued a warning about the spread of a new variant of the Snake Keylogger malware, which is actively targeting Windows users in Asia and Europe. The latest version of this malware leverages AutoIt scripting language to install itself while enhancing its ability to evade antivirus detection. Snake Keylogger is an information-stealing malware based on Microsoft .NET, capable of recording keystrokes, capturing screenshots, and stealing sensitive data, such as usernames, passwords, and credit card information. It primarily spreads through malicious email attachments before being executed on victims’ systems.
Malware analysts at FortiGuard Labs discovered that the new variant of Snake Keylogger employs advanced evasion techniques to bypass security detection. The malware file is embedded in AutoIt scripts, allowing it to evade traditional security solutions. Once installed, it copies itself into system folders, configures automatic execution via script files, and utilizes Process Hollowing to inject malicious code into legitimate Windows processes. This ensures its persistence even after system reboots. Additionally, Snake Keylogger leverages Windows APIs to monitor and log victims’ keystrokes while exfiltrating stolen data to attackers via multiple channels, including Telegram bots and HTTP POST requests. Researchers also warned that the malware can extract the victim’s public IP address to approximate their location.
As a precaution, Windows users should exercise extreme caution, avoid opening email attachments from untrusted sources, and install robust antivirus software capable of detecting this type of threat.
Source https://www.theregister.com/2025/02/18/new_snake_keylogger_infects_windows/
